Hi, Having just downloaded a couple of F38 spins to try, I had a look at the verify instructions (both identical) on https://fedoraproject.org/spins/mate/download/ https://fedoraproject.org/spins/kde/download/ ------------------------ begin paste ------------------------ Verify your download Verify your download for security and integrity using the proper checksum file. If there is a good signature from one of the Fedora keys, and the SHA256 checksum matches, then the download is valid. Download the checksum file into the same directory as the image you downloaded. Import Fedora's GPG key(s) curl -O https://fedoraproject.org/fedora.gpg You can verify the details of the GPG key(s) here. Verify the checksum file is valid gpgv --keyring ./fedora.gpg Fedora-Spins-38-1.6-x86_64-CHECKSUM Verify the checksum matches sha256sum -c Fedora-Spins-38-1.6-x86_64-CHECKSUM If the output states that the file is valid, then it's ready to use! --------------------- end paste ---------------------- The "download the checksum file" bit contians a link to download the checksum with your browser. Fair enough, but since there were command lines to copy and paste for the other two bits, I would have put a command line to fetch the checksum, too. And I wish that sha256sum command output was a bit more structured or controllable, the blob it outputs isn't the easiest thing to read: ------------------------ begin paste ------------------------ $ sha256sum -c Fedora-Spins-38-1.6-x86_64-CHECKSUM sha256sum: Fedora-Budgie-Live-x86_64-38-1.6.iso: No such file or directory Fedora-Budgie-Live-x86_64-38-1.6.iso: FAILED open or read sha256sum: Fedora-Cinnamon-Live-x86_64-38-1.6.iso: No such file or directory Fedora-Cinnamon-Live-x86_64-38-1.6.iso: FAILED open or read Fedora-KDE-Live-x86_64-38-1.6.iso: OK sha256sum: Fedora-LXDE-Live-x86_64-38-1.6.iso: No such file or directory Fedora-LXDE-Live-x86_64-38-1.6.iso: FAILED open or read sha256sum: Fedora-LXQt-Live-x86_64-38-1.6.iso: No such file or directory Fedora-LXQt-Live-x86_64-38-1.6.iso: FAILED open or read Fedora-MATE_Compiz-Live-x86_64-38-1.6.iso: OK sha256sum: Fedora-SoaS-Live-x86_64-38-1.6.iso: No such file or directory Fedora-SoaS-Live-x86_64-38-1.6.iso: FAILED open or read sha256sum: Fedora-Sway-Live-x86_64-38-1.6.iso: No such file or directory Fedora-Sway-Live-x86_64-38-1.6.iso: FAILED open or read sha256sum: Fedora-Xfce-Live-x86_64-38-1.6.iso: No such file or directory Fedora-Xfce-Live-x86_64-38-1.6.iso: FAILED open or read sha256sum: Fedora-i3-Live-x86_64-38-1.6.iso: No such file or directory Fedora-i3-Live-x86_64-38-1.6.iso: FAILED open or read sha256sum: WARNING: 19 lines are improperly formatted sha256sum: WARNING: 8 listed files could not be read --------------------- end paste ---------------------- I would have spaced that out better for humans to read, perhaps list the non-existent files separately, or have an option to skip them. Bizarrely, there is an option to say nothing about the OK files. -- uname -rsvp Linux 3.10.0-1160.90.1.el7.x86_64 #1 SMP Thu May 4 15:21:22 UTC 2023 x86_64 Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
